CMIT 425 Exam Study Questions and
Answers8
Companies implement controls and countermeasures to reduce the amount of risk to a level
deemed "acceptable." Why doesn't a company seek to eliminate all risk? - ANSWERS -The cost
of eliminating some risks may exceed the actual cost of a loss caused when the risk
materialized.
A ___________ is a potential danger which occurs when a ___________ exploits a vulnerability.
- ANSWERS -threat, threat agent
Which of the following is NOT a category of control types? - ANSWERS -protects or assures the
accuracy and reliability of information and systems.
Integrity is the principle that _________________. - ANSWERS -
An exposure occurs when a vulnerability _____________. - ANSWERS -creates the possibility of
incurring a loss or experiencing harm.
Confidentiality can be protected by implementing which of the following controls? - ANSWERS -
Software digital signing to verify recipients.
Data hiding and data obscuring techniques.
Encrypting data at rest and in transit.
, Clustering and load balancing are controls that ________ - ANSWERS -map to the Availability
component of the AIC triad.
Balanced security refers to _____________ - ANSWERS -weighing choices in controls against the
magnitude of risk presented by a variety of threats.
addressing threats and implementing controls for availability, integrity, and confidentiality.
understanding the concepts of the AIC triad.
Which of the following best describes a security program? - ANSWERS -A group of standards,
regulations, and best-practices.
An organization within an enterprise that houses business activities related to providing
security.
A framework made up of many entities that work together to provide protection for an
organization.
Which of the following is used to reduce the risk of vulnerabilities in purchased or acquired
hardware and software products? - ANSWERS -Supply Chain Risk Management
Hashing is a control that _______ - ANSWERS -maps to the Integrity component of the AIC triad.
Which category of control types is referred to as "soft controls?" - ANSWERS -Administrative
Risk can be reduced by _____________. - ANSWERS -applying countermeasures to eliminate
vulnerabilities.
Answers8
Companies implement controls and countermeasures to reduce the amount of risk to a level
deemed "acceptable." Why doesn't a company seek to eliminate all risk? - ANSWERS -The cost
of eliminating some risks may exceed the actual cost of a loss caused when the risk
materialized.
A ___________ is a potential danger which occurs when a ___________ exploits a vulnerability.
- ANSWERS -threat, threat agent
Which of the following is NOT a category of control types? - ANSWERS -protects or assures the
accuracy and reliability of information and systems.
Integrity is the principle that _________________. - ANSWERS -
An exposure occurs when a vulnerability _____________. - ANSWERS -creates the possibility of
incurring a loss or experiencing harm.
Confidentiality can be protected by implementing which of the following controls? - ANSWERS -
Software digital signing to verify recipients.
Data hiding and data obscuring techniques.
Encrypting data at rest and in transit.
, Clustering and load balancing are controls that ________ - ANSWERS -map to the Availability
component of the AIC triad.
Balanced security refers to _____________ - ANSWERS -weighing choices in controls against the
magnitude of risk presented by a variety of threats.
addressing threats and implementing controls for availability, integrity, and confidentiality.
understanding the concepts of the AIC triad.
Which of the following best describes a security program? - ANSWERS -A group of standards,
regulations, and best-practices.
An organization within an enterprise that houses business activities related to providing
security.
A framework made up of many entities that work together to provide protection for an
organization.
Which of the following is used to reduce the risk of vulnerabilities in purchased or acquired
hardware and software products? - ANSWERS -Supply Chain Risk Management
Hashing is a control that _______ - ANSWERS -maps to the Integrity component of the AIC triad.
Which category of control types is referred to as "soft controls?" - ANSWERS -Administrative
Risk can be reduced by _____________. - ANSWERS -applying countermeasures to eliminate
vulnerabilities.
